Removing Role and Entitlement Attribute Assignment using Sailpoint IIQ API
public removeRoleAssignments(String identityName, ProvisioningProject project){ Identity identity = context.getObjectByName(Identity.class, identityName); if (identity != null){ ProvisioningPlan plan = project.getMasterPlan(); AccountRequest accountRequest; List attributeRequests = new ArrayList(); if( plan != null){ List accountRequestList = new ArrayList(); accountRequestList = plan.getAccountRequests("IIQ"); accountRequestList.addAll(plan.getAccountRequests("IdentityIQ")); if(accountRequestList != null && !accountRequestList.isEmpty()){ for(AccountRequest account: accountRequestList){ ProvisioningPlan roleRemovalplan = new ProvisioningPlan(); roleRemovalplan.setIdentity(identity); if(account != null){ List roleAttributeRequests = new ArrayList(); attributeRequests = account.getAttributeRequests("assignedRoles"); if(attributeRequests != null && !attributeRequests.isEmpty() ){ AccountRequest roleRequest = new AccountRequest(AccountRequest.Operation.Modify, ProvisioningPlan.APP_IIQ, null, identity.getName()); for(AttributeRequest attributeRequest : attributeRequests) { roleAttributeRequests.add(new AttributeRequest(ProvisioningPlan.ATT_IIQ_ASSIGNED_ROLES, ProvisioningPlan.Operation.Remove, attributeRequest.getValue())); } roleRequest.addAll(roleAttributeRequests); roleRemovalplan.add(roleRequest); Provisioner provisioner = new Provisioner(context); provisioner.setNoRoleExpansion(true); provisioner.execute(roleRemovalplan); } } } } } context.saveObject(identity); context.commitTransaction(); } } public removeAttributeAssignments(String identityName, ProvisioningProject project){ Identity identity = context.getObjectByName(Identity.class, identityName); boolean updateRequired = false; String createOperation="Create"; if(null !=identity){ List attrAssignments = identity.getAttributeAssignments(); if(Util.nullSafeSize(attrAssignments)>0){ List attrAssigns = new ArrayList(attrAssignments); if(project != null){ List expPlans = project.getPlans(); List accountRequestList = new ArrayList(); for(ProvisioningPlan expPlan : Util.safeIterable(expPlans)){ String source; source=expPlan.getSource(); accountRequestList = expPlan.getAccountRequests(); for(AccountRequest accRequest : Util.safeIterable(accountRequestList)){ String operation=accRequest.getOp().toString(); if(!Util.nullSafeCaseInsensitiveEq(createOperation,operation)){ for(AttributeRequest attrReq : Util.safeIterable(accRequest.getAttributeRequests())){ if(attrReq!=null && "Remove".equalsIgnoreCase(attrReq.getOp().toString())){ String requestedgrp = attrReq.getValue(context).toString(); for (AttributeAssignment attrAssignment : attrAssigns){ String attAssignmentValue=attrAssignment.getValue(); if(Util.nullSafeCaseInsensitiveEq(attAssignmentValue,requestedgrp) && (Util.nullSafeCaseInsensitiveEq("LCM",source)||Util.nullSafeCaseInsensitiveEq("Batch",source))){ attrAssignments.remove(attrAssignment); updateRequired = true; } } } } } } } } } if (updateRequired) { identity.setAttributeAssignments(attrAssignments); context.saveObject(identity); context.commitTransaction(); } } }
No comments:
Post a Comment